build(deps): bump the python-deps group in /apps/api with 7 updates

[dependabot]

Bumps the python-deps group in /apps/api with 7 updates:

Package	From	To
fastapi	0.138.0	0.138.1
mcp	1.28.0	1.28.1
jsonschema-rs	0.46.5	0.46.6
anthropic	0.111.0	0.112.0
ruff	0.15.18	0.15.20
pyright	1.1.410	1.1.411
httpx2	2.4.0	2.5.0

Updates fastapi from 0.138.0 to 0.138.1

Release notes

Sourced from fastapi's releases.

0.138.1

Refactors

• ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

• 👷 Simplify pull request workflow triggers. PR #15836 by @​tiangolo.
• 👷 Update issue-manager to 0.7.1. PR #15833 by @​tiangolo.
• ⬆️ Update issue-manager to 0.7.0. PR #15831 by @​tiangolo.
• 🔧 Update sponsors: Add TestMu again. PR #15830 by @​tiangolo.
• 🔒️ Update zizmor workflow security checks. PR #15820 by @​tiangolo.
• ⬆ Bump pydantic-settings from 2.14.1 to 2.14.2. PR #15799 by @​dependabot[bot].

Commits

• b90c49a 🔖 Release version 0.138.1 (#15842)
• 1f2f3df 📝 Update release notes
• 0af003a ♻️ Refactor Library Skills, make info easier to find for agents (#15841)
• d5494c1 📝 Update release notes
• 82c527e 👷 Simplify pull request workflow triggers (#15836)
• 3f28dbe 📝 Update release notes
• f6ea6b1 👷 Update issue-manager to 0.7.1 (#15833)
• 219ac63 📝 Update release notes
• fcc8e1f ⬆️ Update issue-manager to 0.7.0 (#15831)
• 457f4c7 📝 Update release notes
• Additional commits viewable in compare view

Updates mcp from 1.28.0 to 1.28.1

Commits

• 777b8d0 [v1.x] Support TransportSecuritySettings in the WebSocket server transport (#...
• 4720467 [v1.x] Set Development Status classifier to Production/Stable (#2976)
• 6df3d73 [v1.x] Buffer per-request StreamableHTTP streams; store priming event before ...
• See full diff in compare view

Updates jsonschema-rs from 0.46.5 to 0.46.6

Release notes

Sourced from jsonschema-rs's releases.

[CLI] Release 0.46.6

No release notes provided.

[Python] Release 0.46.6

Fixed

• prefixItems incorrectly recognised as a known keyword in Draft 2019-09 and earlier (it is 2020-12 only).
• pattern validation errors displayed the internally translated regex instead of the original schema pattern. #1149
• Reuse registry retrievers when only registry is passed.
• Reference leak when serializing large integers on Python 3.12+.

[Ruby] Release 0.46.6

Fixed

• prefixItems incorrectly recognised as a known keyword in Draft 2019-09 and earlier (it is 2020-12 only).
• pattern validation errors displayed the internally translated regex instead of the original schema pattern. #1149
• Reuse registry retrievers when only registry is passed.

[Rust] Release 0.46.6

Added

• IntoRegistryResource for Arc<Value>. #1129

Fixed

• prefixItems incorrectly recognised as a known keyword in Draft 2019-09 and earlier (it is 2020-12 only).
• pattern validation errors displayed the internally translated regex instead of the original schema pattern. #1149

Changelog

Sourced from jsonschema-rs's changelog.

[0.46.6] - 2026-06-24

Added

• IntoRegistryResource for Arc<Value>. #1129

Fixed

• prefixItems incorrectly recognised as a known keyword in Draft 2019-09 and earlier (it is 2020-12 only).
• pattern validation errors displayed the internally translated regex instead of the original schema pattern. #1149

Commits

• 332f539 chore(rust): Release 0.46.6
• 7ceccf9 chore(ci): Add codecov config and CI/fuzz infra tweaks
• 210cc32 refactor(python): Extract pattern_options parsing into regex module
• bb50b10 refactor: Extract BuiltinFormat enum for format dispatch
• 0028582 test: Select test-suite draft explicitly for all drafts
• b15474c refactor(python): Add recursive JsonValue alias for returned JSON
• 488794c refactor(cli): Extract shared format-assertion args and registry builder
• a34caf6 test: Gate file-retrieval test helpers behind resolve-file feature
• ca9610e build(deps): bump crates/jsonschema-referencing/tests/suite
• f1b34da refactor: Reorder JsonType variants
• Additional commits viewable in compare view

Updates anthropic from 0.111.0 to 0.112.0

Release notes

Sourced from anthropic's releases.

v0.112.0

0.112.0 (2026-06-24)

Full Changelog: v0.111.0...v0.112.0

Features

• client: add support for system.message streaming events (2450d59)

Bug Fixes

• memory tool: create parent directories with the correct permissions (#135) (f2fc2a9)

Chores

• api: add support for new refusal category (5ab533e)
• api: add support for sending User Profile ID in request headers (83319be)

Changelog

Sourced from anthropic's changelog.

0.112.0 (2026-06-24)

Full Changelog: v0.111.0...v0.112.0

Features

• client: add support for system.message streaming events (2450d59)

Bug Fixes

• memory tool: create parent directories with the correct permissions (#135) (f2fc2a9)

Chores

• api: add support for new refusal category (5ab533e)
• api: add support for sending User Profile ID in request headers (83319be)

Commits

• c986624 release: 0.112.0
• e633dff chore(api): add support for new refusal category
• a28468e chore(api): add support for sending User Profile ID in request headers
• 97d3d9b fix(memory tool): create parent directories with the correct permissions (#135)
• 0868a68 feat(client): add support for system.message streaming events
• See full diff in compare view

Updates ruff from 0.15.18 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

• Allow human-readable names in rule selectors (#25887)
• Emit a warning instead of an error for unknown rule selectors (#26113)
• Match noqa shebang handling in ruff:ignore comments (#26286)
• [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

• Add versioning sections to custom crate READMEs (#26317)
• Update ruff_python_parser README for crates.io (#26315)
• [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

• @​dhruvmanila
• @​MichaReiser
• @​ntBre
• @​trilamsr

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

• Allow human-readable names in rule selectors (#25887)
• Emit a warning instead of an error for unknown rule selectors (#26113)
• Match noqa shebang handling in ruff:ignore comments (#26286)
• [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

• Add versioning sections to custom crate READMEs (#26317)
• Update ruff_python_parser README for crates.io (#26315)
• [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

• @​dhruvmanila
• @​MichaReiser
• @​ntBre
• @​trilamsr

0.15.19

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits

• f82a36b Bump 0.15.20 (#26376)
• af32943 Improve the summarise-ecosystem-results skill (#26378)
• 485ebab Remove RUF076 name from schema (#26371)
• ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
• 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
• f703f21 Allow human-readable names in rule selectors (#25887)
• 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
• dbe6e98 [ty] Infer definite equality comparison results (#26337)
• e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
• 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
• Additional commits viewable in compare view

Updates pyright from 1.1.410 to 1.1.411

Commits

• 392b6ba Pyright NPM Package update to 1.1.411 (#363)
• See full diff in compare view

Updates httpx2 from 2.4.0 to 2.5.0

Changelog

Sourced from httpx2's changelog.

2.5.0 (June 25th, 2026)

Added

• Add native server-sent events support via client.sse(). (#1046)
• Support | and |= operators for Headers. (#1047)

Fixed

• Allow IPv6 CIDR notation in no_proxy. (#967)

Commits

• 9b7ee8e Version 2.5.0 (#1051)
• 9d5dd67 Inline SSE header defaults using the Headers union operator (#1049)
• a6e4c43 Suppress empty SSE keepalive events and accept case-insensitive content type ...
• f1a6268 Support | and |= operators for Headers (#1047)
• e709094 Add native server-sent events support via client.sse() (#1046)
• 82b9e2d Allow IPv6 CIDR notation in no_proxy (#967)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.